You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please download VundoFix.exe to your desktopDouble-click VundoFix.exe to run it.When VundoFix re-opens, click "Scan for Vundo" button.Once the scan is complete, right Click inside the listbox (white box) and click "add more files"Copy and paste the 2 entries below into the top 2 boxes (no arrows):

--> C:\WINDOWS\SYSTEM32\imjaimj.dll

Click "Add Files" and click "Close Window".Click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YESOnce you click yes, your desktop will go blank as it starts removing Vundo - this is normal.When completed, it will prompt that it will shutdown your computer, click OK.Turn your computer back on.Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked!

Download Combofix to your desktop. !! It is really important that combofix.exe is on your desktop, not somewhere else or not in a folder on your desktop.Then go to start > run and copy and paste next command in the field:

"C:\Documents and Settings\Owner\Desktop\combofix.exe" /v pmnlj

Hit enter. This should start the combofix.Don't click on the window while the fix is running, because that will cause your system to hang.When finished and after reboot, it should open a log, combofix.txt. Post this log in your next reply together with a new hijackthislog.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

I want you to clean your cache and cookies from your internet explorer.There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer . ° Go to your control panel and open "Internet Options". ° Click on the "General" tab. ° Click the "Delete Cookies" button, then the "Delete Files" button. ° When prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button. ° Type the following in the fox --> cleanmgr and click ok. ° Let it scan your system for files to remove. ° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked. ° Press OK to remove them.

Start Killbox.exeSelect the "Delete on Reboot" option.Click on the "All Files" button (!important!),which will then flash green.Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

Open 'file' in the killboxmenu on top and choose Paste from clipboardYou must use the file File menu--pasting by right-clicking the mouse will only enter one file.Then press the button that looks like a red circle with a white X in it.Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click "yes".Click OK at any Pending File Rename Operations prompt, let me know if there appear.If you don't get that message, reboot manually.Your computer should reboot now.

Create a folder for RegSearch on the C: drive called C:\RegSearch. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it RegSearch. Extract all the files from the zip archive into that folder.

Open the RegSearch folder and double-click the icon for RegSearch.exe to launch the program.Copy / Paste the following line into the top Search Box:

kyfxlrrd

then on the second line down paste the following:

meuoqwkp

Now hit OK. After completion Notepad will be opened with all the found instances of the string. The resulting file is saved in the same location as RegSearch.exe

Run HijackThis.On the first menu, click Open the Misc Tools SectionClick Open Uninstall ManagerClick Save List - Save it anywhere.A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.

Post back with the regsearch log, the uninstall list and a new Hijackthis log.

Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. It's a going to be quite long, so I want to upload the file to me, to save space in this thread.Go to this page.Where it says, browse to the text file you saved earlier (you may need to close it first).Then click the Send File button below.

I can see that this is now legitimate, there's nothing malicious with this service at all, even though google finds nothing on it.How is the computer running now? Anything improved since we started?

Malware like this normally never comes alone and there are probably infected files left on your computer.

Please perform this online scan: Kaspersky WebscanRead the Requirements and Privacy statement, then select "Accept"A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cabSelect "Install" to download the ActiveX controls that allows ActiveScan to run.When the download is complete it will say ready, click "Next"Select a target to scan: Click on "My Computer"When the scan is complete choose to save the results as "Save as Text"Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.